On Sun, Mar 03, 2024 at 06:42:41PM +0000, lgl island-resort.com wrote: > > If you read the paragraph before you get more context and more > understanding why there’s both. Seems more like efficiency / economy > trade-off. You don’t really need both. There’s no security reason > for one or the other.
With single message, it seems like a bad trade-off: - aad is faster, as it is polymac instead of full-blown hash function. - aad is much easier to implement without allocations, as it is not part of some larger structure. - aad is trivially secure from definition of AEAD, but security of info does not trivially follow. With multiple messages, there are reasons to use both, but I can not come up with any actual reason to use info with a single message. -Ilari _______________________________________________ jose mailing list [email protected] https://www.ietf.org/mailman/listinfo/jose
